From 24bf11958906b88fda7c3074befee91261a6a760 Mon Sep 17 00:00:00 2001 From: Clemens Date: Tue, 9 Jul 2024 11:10:40 +0200 Subject: [PATCH 1/5] updated to forgejo version 7.0 --- src/main/cljc/dda/c4k_forgejo/forgejo.cljc | 2 +- src/main/resources/forgejo/appini-env-configmap.yaml | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/src/main/cljc/dda/c4k_forgejo/forgejo.cljc b/src/main/cljc/dda/c4k_forgejo/forgejo.cljc index b9de1f8..faa9ed5 100644 --- a/src/main/cljc/dda/c4k_forgejo/forgejo.cljc +++ b/src/main/cljc/dda/c4k_forgejo/forgejo.cljc @@ -71,7 +71,7 @@ (def federated-image-name "domaindrivenarchitecture/c4k-forgejo-federated") (def federated-image-version "latest") (def non-federated-image-name "codeberg.org/forgejo/forgejo") -(def non-federated-image-version "1.19") +(def non-federated-image-version "7.0") (defn-spec generate-image-str string? [config config?] diff --git a/src/main/resources/forgejo/appini-env-configmap.yaml b/src/main/resources/forgejo/appini-env-configmap.yaml index 348a62a..247d2c2 100644 --- a/src/main/resources/forgejo/appini-env-configmap.yaml +++ b/src/main/resources/forgejo/appini-env-configmap.yaml @@ -16,7 +16,6 @@ data: FORGEJO__database__NAME: forgejo FORGEJO__database__LOG_SQL: "false" FORGEJO__database__SSL_MODE: disable - FORGEJO__database__CHARSET: utf8 #[DEFAULT] APP_NAME: APPNAME @@ -37,12 +36,12 @@ data: #[mailer] FORGEJO__mailer__ENABLED: "true" FORGEJO__mailer__FROM: FROM - FORGEJO__mailer__MAILER_TYPE: smtp+startls + FORGEJO__mailer__PROTOCOL: smtp+starttls FORGEJO__mailer__SMTP_ADDR: MAILERHOST FORGEJO__mailer__SMTP_PORT: MAILERPORT #[oauth2] - FORGEJO__oauth2__ENABLE: "true" + FORGEJO__oauth2__ENABLED: "true" #[openid] FORGEJO__openid__ENABLE_OPENID: "true" 
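Review bot: Nothing in this change would catch the next misspelt key or value in this ConfigMap, which matters for the `#[mailer]` block in the -37,12 hunk and for the `EMAIL_DOMAIN_ALLOWLIST` rename in the later -76,7 hunk. The replaced `MAILER_TYPE: smtp+startls` carried a typo in its value and nothing flagged it; as far as I know Forgejo does not reject an unknown `FORGEJO__section__KEY` entry but falls back to its built-in default. For `FORGEJO__mailer__PROTOCOL` that default decides whether mail is sent over STARTTLS, and for `FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST` an ignored key presumably leaves self-registration open to every domain while `ENABLE_CAPTCHA` is "false". I would add a comment above the mailer key, `# PROTOCOL replaces the deprecated MAILER_TYPE; the value must be spelled smtp+starttls`, and a test in forgejo_test.cljc asserting that the three renamed keys are present in the generated map.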
@@ -76,7 +75,7 @@ data: FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false" FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true" FORGEJO__service__ENABLE_NOTIFY_MAIL: "true" - FORGEJO__service__EMAIL_DOMAIN_WHITELIST: WHITELISTDOMAINS + FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: WHITELISTDOMAINS FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false" FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: "true" FORGEJO__service__ENABLE_CAPTCHA: "false" From 07eb505d5314f2dfc1da43fdc778e756eab11874 Mon Sep 17 00:00:00 2001 From: Clemens Date: Tue, 9 Jul 2024 11:26:39 +0200 Subject: [PATCH 2/5] Added option for dedicated federation-enables and fixed tests --- src/main/cljc/dda/c4k_forgejo/core.cljc | 3 ++- src/main/cljc/dda/c4k_forgejo/forgejo.cljc | 12 ++++++------ src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc | 12 ++++++------ 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/src/main/cljc/dda/c4k_forgejo/core.cljc b/src/main/cljc/dda/c4k_forgejo/core.cljc index 868937b..19b20b6 100644 --- a/src/main/cljc/dda/c4k_forgejo/core.cljc +++ b/src/main/cljc/dda/c4k_forgejo/core.cljc @@ -9,7 +9,7 @@ [dda.c4k-common.postgres :as postgres] [dda.c4k-common.namespace :as ns])) -(def config-defaults {:issuer "staging", :deploy-federated "false"}) +(def config-defaults {:issuer "staging", :deploy-federated "false", :federation-enabled "false"}) (def rate-limit-defaults {:max-rate 10, :max-concurrent-requests 5}) (def config? (s/keys :req-un [::forgejo/fqdn @@ -19,6 +19,7 @@ ::forgejo/service-noreply-address] :opt-un [::forgejo/issuer ::forgejo/deploy-federated + ::forgejo/federation-enabled ::forgejo/default-app-name ::forgejo/service-domain-whitelist ::forgejo/forgejo-image-version-overwrite diff --git a/src/main/cljc/dda/c4k_forgejo/forgejo.cljc b/src/main/cljc/dda/c4k_forgejo/forgejo.cljc index faa9ed5..5e14937 100644 --- a/src/main/cljc/dda/c4k_forgejo/forgejo.cljc +++ b/src/main/cljc/dda/c4k_forgejo/forgejo.cljc 
@@ -33,6 +33,7 @@ (s/def ::default-app-name string?) (s/def ::fqdn pred/fqdn-string?) (s/def ::deploy-federated boolean-string?) +(s/def ::federation-enabled boolean-string?) (s/def ::mailer-from pred/bash-env-string?) (s/def ::mailer-host pred/bash-env-string?) (s/def ::mailer-port pred/bash-env-string?) @@ -53,6 +54,7 @@ ::service-noreply-address] :opt-un [::issuer ::deploy-federated + ::federation-enabled ::default-app-name ::service-domain-whitelist ::forgejo-image-version-overwrite])) @@ -88,7 +90,7 @@ (defn generate-appini-env [config] (let [{:keys [default-app-name - deploy-federated + federation-enabled fqdn mailer-from mailer-host @@ -97,7 +99,7 @@ service-noreply-address] :or {default-app-name "forgejo instance" service-domain-whitelist fqdn}} config - deploy-federated-bool (boolean-from-string deploy-federated)] + federation-enabled-bool (boolean-from-string federation-enabled)] (-> (yaml/load-as-edn "forgejo/appini-env-configmap.yaml") (cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name) @@ -109,7 +111,7 @@ (cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-domain-whitelist) (cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address) (cm/replace-all-matching-values-by-new-value "IS_FEDERATED" - (if deploy-federated-bool + (if federation-enabled-bool "true" "false"))))) @@ -166,11 +168,9 @@ (defn-spec generate-deployment pred/map-or-seq? [config config?] - (let [{:keys [deploy-federated]} config - deploy-federated-bool (boolean-from-string deploy-federated)] (-> (yaml/load-as-edn "forgejo/deployment.yaml") - (cm/replace-all-matching-values-by-new-value "IMAGE_NAME" (generate-image-str config))))) + (cm/replace-all-matching-values-by-new-value "IMAGE_NAME" (generate-image-str config)))) (defn generate-service [] diff --git a/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc b/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc index e8837bd..8ea7db0 100644 
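Review bot: `federation-enabled` is destructured in generate-appini-env (hunk -88,7) without an entry in the `:or` map of hunk -97,7, so `boolean-from-string` receives nil whenever the config was not merged with `config-defaults` from core.cljc. That helper is outside this diff, so whether it tolerates nil cannot be confirmed here; adding `federation-enabled "false"` to `:or` next to `default-app-name "forgejo instance"` keeps the function fail-closed on its own. The switch also changes behaviour for existing installs: a config with `:deploy-federated "true"` and no new key now renders `IS_FEDERATED` as "false", which deserves a line in the release notes. The function body spans three hunks with unshown lines between them.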
--- a/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc +++ b/src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc @@ -14,7 +14,7 @@ (deftest should-generate-image-str (testing "non-federated-image" - (is (= "codeberg.org/forgejo/forgejo:1.19" + (is (= "codeberg.org/forgejo/forgejo:7.0" (cut/generate-image-str {:fqdn "test.de" :mailer-from "" :mailer-host "m.t.de" @@ -63,12 +63,12 @@ :FORGEJO__server__ROOT_URL-c2 "https://test.com", :FORGEJO__server__SSH_DOMAIN-c1 "test.de", :FORGEJO__server__SSH_DOMAIN-c2 "test.com", - :FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c1 "adb.de", - :FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net", + :FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST-c1 "adb.de", + :FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST-c2 "test.com,test.net", :FORGEJO__service__NO_REPLY_ADDRESS-c1 "", :FORGEJO__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"} (th/map-diff (cut/generate-appini-env {:default-app-name "" - :deploy-federated "false" + :federation-enabled "false" :fqdn "test.de" :mailer-from "" :mailer-host "m.t.de" @@ -76,7 +76,7 @@ :service-domain-whitelist "adb.de" :service-noreply-address ""}) (cut/generate-appini-env {:default-app-name "test forgejo" - :deploy-federated "true" + :federation-enabled "true" :fqdn "test.com" :mailer-from "test@test.com" :mailer-host "mail.test.com" @@ -97,7 +97,7 @@ :spec {:containers [{:name "forgejo", - :image "codeberg.org/forgejo/forgejo:1.19", + :image "codeberg.org/forgejo/forgejo:7.0", :imagePullPolicy "IfNotPresent", :envFrom [{:configMapRef {:name "forgejo-env"}} {:secretRef {:name "forgejo-secrets"}}], :volumeMounts [{:name "forgejo-data-volume", :mountPath "/data"}], From c8ad539a25dabfcb52edf32548956bdadcd39fce Mon Sep 17 00:00:00 2001 From: Clemens Date: Wed, 10 Jul 2024 11:39:46 +0200 Subject: [PATCH 3/5] added namespace to runbook commands --- doc/Runbook_UpgradeFrom1.19To7.0.5.md | 62 ++++++++++++++------------- 1 file changed, 33 insertions(+), 29 deletions(-) 
diff --git a/doc/Runbook_UpgradeFrom1.19To7.0.5.md b/doc/Runbook_UpgradeFrom1.19To7.0.5.md
index 19ca6c2..f6fcf06 100644
--- a/doc/Runbook_UpgradeFrom1.19To7.0.5.md
+++ b/doc/Runbook_UpgradeFrom1.19To7.0.5.md
@@ -9,70 +9,70 @@ ## Preparations -1. Stop Forgejo Prod: `k scale deployment forgejo --replicas=0` -1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'` -1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1` -1. Execute Manual Backup: `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh` +1. Stop Forgejo Prod: `k scale -n forgejo deployment forgejo --replicas=0` +1. Disable Backup Cron: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'` +1. Scale up Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1` +1. Execute Manual Backup: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh` ### Create 2nd Repo Prod Server 1. Terraform Preparations for 2nd Server: TODO 1. Install c4k-forgejo Version TODO with config `"forgejo-image-version-overwrite": "1.19.3-0"` -1. Stop Forgejo Deployment: `k scale deployment forgejo --replicas=0` -1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'` -1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1` +1. Stop Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0` +1. Disable Backup Cron: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'` +1. Scale up Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1` 1. Restore Forgejo Backup: See [BackupAndRestore.md](BackupAndRestore.md) 1. Check for `..._INSTALL_LOCK: true` in ConfigMap `forgejo-env` -1. Scale up Forgejo Deployment and check for (startup) problems: `k scale deployment forgejo --replicas=1` +1. Scale up Forgejo Deployment and check for (startup) problems: `k scale -n forgejo deployment forgejo --replicas=1` ## Upgrade to 1.20.1-0 -1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0` -1. 
Adjust configmap: `k edit cm forgejo-env` +1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0` +1. Adjust configmap: `k edit -n forgejo cm forgejo-env` 1. Remove `FORGEJO__database__CHARSET: utf8` (This was a misconfiguration, since this option only had effect for mysql dbs) 1. Change `FORGEJO__mailer__MAILER_TYPE: smtp+startls` TO `FORGEJO__mailer__PROTOCOL: smtp+starttls` (Missed deprecation from 1.19) 1. Change `FORGEJO__service__EMAIL_DOMAIN_WHITELIST: repo.test.meissa.de` TO `FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: repo.test.meissa.de` (Fallback deprecation in 1.21) -1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` -1. Set version to `1.20.1-0` with `k edit deployment forgejo` -1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1` +1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` +1. Set version to `1.20.1-0` with `k edit -n forgejo deployment forgejo` +1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1` 1. Check for errors ## Upgrade to 1.21.1-0 -1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0` -1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` -1. Set version to `1.21.1-0` with `k edit deployment forgejo` -1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1` +1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0` +1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` +1. Set version to `1.21.1-0` with `k edit -n forgejo deployment forgejo` +1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1` 1. Check for errors 1. 
After upgrading, login as an admin, go to the `/admin` page and click run `Sync missed branches from git data to databases` (`Fehlende Branches aus den Git-Daten in die Datenbank synchronisieren`). If this is not done there will be messages such as `LoadBranches: branch does not exist in the logs`. ## Upgrade to 7.0.0 -1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0` -1. Adjust configmap: `k edit cm forgejo-env` +1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0` +1. Adjust configmap: `k edit -n forgejo cm forgejo-env` 1. Change `FORGEJO__oauth2__ENABLE: "true"` TO `FORGEJO__oauth2__ENABLED: "true"` -1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` -1. Set version to `7.0.0` with `k edit deployment forgejo` -1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1` +1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` +1. Set version to `7.0.0` with `k edit -n forgejo deployment forgejo` +1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1` 1. Check for errors ## Upgrade to 7.0.5 (no breaking changes) TODO: Upgrade to 8.0.0 instead after Release! -1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0` -1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` -1. Set version to `7.0.5` with `k edit deployment forgejo` -1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1` +1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0` +1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini` +1. Set version to `7.0.5` with `k edit -n forgejo deployment forgejo` +1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1` 1. Check for errors ## Post Work 1. Switch DNS to new server -1. 
Reenable Backup Cron on new server: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'` -1. Execute manual Backup on new server: `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh` -1. Scale down Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1` +1. Reenable Backup Cron on new server: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'` +1. Execute manual Backup on new server: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh` +1. Scale down Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1` 1. The scope of all access tokens might (invisibly) have changed (in v1.20). Thus, rotate all tokens! 1. Users should check their ssh keys: if they use rsa keys the minimum length should be 3072 bits! However, shorter keys should still work. @@ -85,3 +85,7 @@ In the logs the following error can be found. This will be resolved automaticall ``` 2024/07/08 08:31:30 ...g/config_provider.go:321:deprecatedSetting() [E] Deprecated fallback `[log]` `ROUTER` present. Use `[log]` `logger.router.MODE` instead. This fallback will be/has been removed in 1.21 ``` + +# Add Shynet Analytics + +1. Log into shynet & create new Service From 3a7c868f366c71a3bba6569df9a4efdf047a7e48 Mon Sep 17 00:00:00 2001 From: patdyn Date: Wed, 10 Jul 2024 14:00:31 +0200 Subject: [PATCH 4/5] [Skip-CI] Add Analytics doc --- doc/Runbook_UpgradeFrom1.19To7.0.5.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/doc/Runbook_UpgradeFrom1.19To7.0.5.md b/doc/Runbook_UpgradeFrom1.19To7.0.5.md index f6fcf06..45cbf69 100644 --- a/doc/Runbook_UpgradeFrom1.19To7.0.5.md +++ b/doc/Runbook_UpgradeFrom1.19To7.0.5.md 
@@ -89,3 +89,19 @@ In the logs the following error can be found. This will be resolved automaticall # Add Shynet Analytics 1. Log into shynet & create new Service + 1. Copy the generated html snippet and save it somewhere you remember +1. SSH into prod server +1. Make the necessary folders and files in forgejo data dir: + 1. `kubectl exec -n forgejo -it forgejo-... -- bash` + 1. `mkdir -p /data/gitea/templates/custom` + 1. `touch /data/gitea/templates/custom/footer.tmpl` +1. Open the `footer.tmpl` and paste the saved snippet +1. Restart the pod + 1. `k scale -n forgejo deployment forgejo --replicas=0` + 1. `k scale -n forgejo deployment forgejo --replicas=1` +1. Add Information about analytics: Clone Datenschutz Repo + 1. `git clone ssh://git@repo.prod.meissa.de:2222/meissa/Datenschutz.git` +1. Merge forgejo-upgrade into main + 1. `git merge forgejo-upgrade` +1. Push to origin + 1. `git push` From 65958b52f82cb0effc43d521fbf041c81bdc5878 Mon Sep 17 00:00:00 2001 From: patdyn Date: Tue, 6 Aug 2024 13:03:04 +0200 Subject: [PATCH 5/5] [Skip-CI] Add website to contact info --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c596a59..4006533 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,7 @@ # convention 4 kubernetes: c4k-forgejo [![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-forgejo.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-forgejo) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/commits/main) -[DeltaChat chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [team@social.meissa-gmbh.de team@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@team) | [Website & Blog](https://domaindrivenarchitecture.org) +[DeltaChat chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [M meissa@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@meissa) | [Blog](https://domaindrivenarchitecture.org) | [Website](https://meissa.de) ## Purpose @@ -55,6 +55,6 @@ For more details about our repository model see: https://repo.prod.meissa.de/mei ## License -Copyright © 2023 meissa GmbH +Copyright © 2024 meissa GmbH Licensed under the [Apache License, Version 2.0](LICENSE) (the "License") Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE) \ No newline at end of file